Vaijayanti Korde

Thwarting SQL Injection: Defense in Depth

Posted by Vaijayanti Korde in Security Labs on August 31, 2016

SQL as a language is vulnerable to injection attacks because it allows mixing of instructions and data, which attackers can conveniently exploit to achieve their nefarious objectives.

The root cause behind successful SQL injection attacks is the execution of user-supplied data as SQL instructions. This classic cartoon illustrates the perils of trusting user inputs, and how they can lead to a successful SQLi attack:

From the webcomic xkcd:

The Importance of a Proper HTTP Strict Transport Security Implementation on Your Web Server

Posted by Vaijayanti Korde in Security Labs on March 28, 2016

About 95 percent of HTTPS servers are vulnerable to connection hijacking, opening the door for hackers to launch man-in-the-middle and other devastating cyber attacks. That’s according to a Netcraft study released about a week ago. The reason for this concerning situation? Only 5 percent of HTTPS servers have a correct implementation of HTTP Strict Transport Security.

Qualys Blog

Thwarting SQL Injection: Defense in Depth

The Importance of a Proper HTTP Strict Transport Security Implementation on Your Web Server